Governance, Risk and Compliance Advisory

Gap analysis

For companies working to achieve risk reduction to become eligible for insurance coverage, Lodestone professionals are prepared to help set you up for success. We perform a gap analysis of your organization based on security controls specified in the Beazley Ransomware Supplemental Application and Beazley Breach Response Questionnaire. Through interviews of subject matter experts and the review of documentation, technologies, and processes across your environment, we gain a complete perspective of your company and share our knowledge of insurance requirement compliance with you. Any areas where required controls are missing or could be enhanced are delivered to you in a detailed report that can be used to remediate any current deficiencies or demonstrate adherence to insurance requirements. 

Tabletop Exercises

Lodestone’s tabletop exercises combine realistic threat scenarios with our years of experience to test the strength of your company’s incident response plan. We partner with your key stakeholders to identify the exercises that best address the unique challenges your company might face in the wild. We examine your organization’s security infrastructure, including your staff’s ability to execute the incident response plan in place. 

The engagement concludes with the presentation of a detailed report that details your company’s strengths and weaknesses, along with recommendations to improve your readiness for a real-world event.

Security policy Review and Development

A strong security posture begins with strong foundations. Whether your company already has a mature set of security policies and procedures in place or is just getting started, we review your existing documentation, interview relevant stakeholders, and determine what changes can be made to enhance organizational governance. 

Our experts support you throughout this process with a combination of bolstering existing documentation and creating new material from the ground up. Our experts will provide you with a robust portfolio of security policies and procedures and guidance on what changes we have recommended and why.

Compliance and framework consulting

Our compliance experts will guide you on your journey towards meeting major compliance objectives as specified in frameworks and standards such as Payment Card Industry Data Security Standard (PCI-DSS), Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), NIST 171, NIST 800-53, and International Organization for Standardization (ISO) 27001. 

We will identify areas for improvement in your existing setup and provide you with detailed recommendations on how to achieve your desired certifications and standardization goals.

Customized Risk Assessment

Lodestone’s experts perform qualitative and compliance-focused risk assessments based on your choice of industry-specific standards such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Information Portability and Accountability Act (HIPAA), or the Gramm-Leach-Bliley Act (GLBA), or broader guidelines such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) or Center for Internet Security (CIS) 18 Critical Security Controls (CSCs). 

We get to know you, interviewing subject matter experts, reviewing documentation, and gaining a thorough understanding of your environment to identify your company’s unique strengths and weaknesses. From there, we help you develop a roadmap for reaching any of your compliance goals and addressing cyber risks within your company before a security incident comes knocking.

Attack Surface Mapping

Remote network testing can provide your company with critical insight into vulnerabilities that are exposed to potential threat actors. 

Lodestone’s experts will work with you to map out what parts of your organization may be most vulnerable and evaluate them at a single point in time via passive monitoring. After completing these assessments and validating results to reduce false positives, we provide a detailed report on our findings to give your company actionable intelligence on areas of your environment that are most exposed to would-be attackers.

Virtual CISO

Is your company ready to step into the future with powerful cyber-security initiatives? Lodestone’s virtual Chief Information Security Officer (CISO) service equips you with a direct line to a security expert who can remotely answer all your security questions. 

Our virtual CISO will show you the optimal steps towards creating a security foundation that protects the keys to your kingdom and helps you retain the trust of your customers.

Security Awareness Training

The “human factor” is one of companies’ least addressed yet greatest security risks. We empower your employees to identify and report suspicious activity in your environment and integrate best practices into their everyday work with minimal disruption. 

Our training can be provided in person, in a recorded format, or both, and we tailor our content to cover all of the security topics that best suit your company’s interests and needs.